CVE-2014-9296
Published: 2014-12-20
Priority: P3 | 41 | medium | 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 16.16% (96.5th percentile)
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | products | — | — |
| debian | ntp | < ntp 1:4.2.6.p5+dfsg-3.2 (bullseye) | ntp 1:4.2.6.p5+dfsg-3.2 (bullseye) |
| ntp | ntp | <= 4.2.7 | — |
| ntp | ntp | >= 0 < 1:4.2.6.p5+dfsg-3.2 | 1:4.2.6.p5+dfsg-3.2 |
| ntp | ntp | >= 0 < 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 |
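CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_cisco | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |
| vendor_debian | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |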
CISA ICS
Network Time Protocol Vulnerabilities (Update C)
cisa_ics·2015-02-04
ICS Advisory
Last Revised: August 29, 2018
Alert Code: ICSA-14-353-01C
## OVERVIEW
This updated advisory is a follow-up to the updated advisory titled ICSA-14-353-01B Network Time Protocol Vulnerabilities that was published February 4, 2015, on the NCCIC/ICS-CERT web site.
Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational industrial control systems deployments, ICS-CERT is providing this inform
CISA ICS
Network Time Protocol Vulnerabilities (Update B)
cisa_ics·2014-12-23
ICS Advisory
Last Revised: September 10, 2018
Alert Code: ICSA-14-353-01B
## OVERVIEW
This updated advisory is a follow-up to the updated advisory titled ICSA-14-353-01A Network Time Protocol Vulnerabilities that was published December 23, 2014, on the NCCIC/ICS-CERT web site.
Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational industrial control systems deployments, ICS-CERT is providing this in
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products
vendor_cisco·2014-12-23·CVSS 7.5
CVE-2014-9293 [HIGH] CWE-119 Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition.
On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. These vulnerabilities are referenced in this document as follows:
CVE-2014-9293: Weak Default Key in config_auth()
CVE-2014-9294: Noncryptographic Random Number Generator with Weak Seed Used by ntp-keygen to Generate Sym
BSD
FreeBSD-SA-14:31.ntp: Multiple vulnerabilities in NTP suite
bsd_advisories·2014-12-23·CVSS 7.5
CVE-2014-9293 [HIGH] FreeBSD-SA-14:31.ntp: Multiple vulnerabilities in NTP suite
FreeBSD-SA-14:31.ntp Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in NTP suite
Category: contrib
Module: ntp
Announced: 2014-12-23
Affects: All supported versions of FreeBSD.
Corrected: 2014-12-22 19:07:16 UTC (stable/10, 10.1-STABLE)
2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3)
2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15)
2014-12-22 19:08:09 UTC (stable/9, 9.3-STABLE)
2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7)
2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17)
2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24)
2014-12-22 19:08:09 UTC (stable/8, 8.4-STABLE)
2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21)
CVE Name: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
For general information regarding FreeBSD Securi
Ubuntu
NTP vulnerabilities
vendor_ubuntu·2014-12-22·CVSS 7.5
CVE-2014-9293 [HIGH] NTP vulnerabilities
Title: NTP vulnerabilities
Summary: Several security issues were fixed in NTP.
Neel Mehta discovered that NTP generated weak authentication keys. A remote
attacker could possibly use this issue to brute force the authentication
key and send requests if permitted by IP restrictions. (CVE-2014-9293)
Stephen Roettger discovered that NTP generated weak MD5 keys. A remote
attacker could possibly use this issue to brute force the MD5 key and spoof
a client or server. (CVE-2014-9294)
Stephen Roettger discovered that NTP contained buffer overflows in the
crypto_recv(), ctl_putdata() and configure() functions. In non-default
configurations, a remote attacker could use these issues to cause NTP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. The default compiler o
Red Hat
ntp: receive() missing return on error
vendor_redhat·2014-12-19·CVSS 5.0
CVE-2014-9296 [MEDIUM] CWE-390 ntp: receive() missing return on error
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism.
Statement: This issue did not affect the versions of ntpd as shipped with Red Hat Enterprise Linux 4 and 5. It has been addressed in Red Hat Enterprise Linux 6 and 7 via RHSA-2014:2024.
Mitigation: Remove or comment out all configuration directives beginning with the crypto keyword in your ntp.conf file.
Package: ntp (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2014-9296: ntp - The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to exe...
vendor_debian·2014·CVSS 5.0
CVE-2014-9296 [MEDIUM] CVE-2014-9296: ntp - The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to exe...
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
Scope: local
bullseye: resolved (fixed in 1:4.2.6.p5+dfsg-3.2)
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products
vendor_cisco
Indexed under: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-9297, CVE-2014-9298
GHSA
GHSA-9prp-4cr8-gqhf: The receive function in ntp_proto
ghsa_unreviewed·2022-05-13
CVE-2014-9296 [MEDIUM] GHSA-9prp-4cr8-gqhf: The receive function in ntp_proto
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
OSV
ntp vulnerabilities
osv·2014-12-22·CVSS 7.5
CVE-2014-9293 [HIGH] ntp vulnerabilities
Neel Mehta discovered that NTP generated weak authentication keys. A remote
attacker could possibly use this issue to brute force the authentication
key and send requests if permitted by IP restrictions. (CVE-2014-9293)
Stephen Roettger discovered that NTP generated weak MD5 keys. A remote
attacker could possibly use this issue to brute force the MD5 key and spoof
a client or server. (CVE-2014-9294)
Stephen Roettger discovered that NTP contained buffer overflows in the
crypto_recv(), ctl_putdata() and configure() functions. In non-default
configurations, a remote attacker could use these issues to cause NTP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. The default compiler options for affected releases should reduce the
vulnerability
OSV
CVE-2014-9296: The receive function in ntp_proto
osv·2014-12-20·CVSS 5.0
CVE-2014-9296 [MEDIUM] CVE-2014-9296: The receive function in ntp_proto
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-9296 ntp: receive() missing return on error
bugzilla·2014-12-19·CVSS 5.0
CVE-2014-9296 [MEDIUM] CVE-2014-9296 ntp: receive() missing return on error
As per upstream NTP security advisory:
Code in ntp_proto.c:receive() was missing a 'return;' in the code path where an error was detected, which meant processing did not stop when a specific rare error occurred. We haven't found a way for this bug to affect system integrity. If there is no way to affect system integrity the base CVSS score for this bug is 0. If there is one avenue through which system integrity can be partially affected, the base score becomes a 5. If system integrity can be partially affected via all three integrity metrics, the CVSS base score becomes 7.5.
This vulnerability was discovered by Stephen Roettger of the Google Security Team.
Mitigation:
Remove or comment out all configuration directives beginning with
Bugzilla
CVE-2014-9296 CVE-2014-9294 CVE-2014-9295 CVE-2014-9293 ntp: various flaws [fedora-all]
bugzilla·2014-12-19·CVSS 7.5
CVE-2014-9296 [HIGH] CVE-2014-9296 CVE-2014-9294 CVE-2014-9295 CVE-2014-9293 ntp: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported ve
arXiv
Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities
arxiv_fulltext·2020-08-17
## Abstract
Directed fuzzing focuses on automatically testing specific parts of the code by taking advantage of additional information such as (partial) bug stack trace, patches
or risky operations. Key applications include bug reproduction, patch testing and static analysis report verification. Although directed fuzzing has received
a lot of attention recently,
hard-to-detect vulnerabilities such as Use-After-Free ( ) are still not well
addressed,
especially at the binary level.
We propose , the first (binary-level) directed greybox fuzzer dedicated to
\ bugs.
The technique features a fuzzing engine tailored to \ specifics, a lightweight code instrumentation and an efficient bug triage step.
Experimental evaluation f
References
http://advisories.mageia.org/MGASA-2014-0541.html
http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548ad06feXHK1HlZoY-WZVyynwvwAg
http://bugs.ntp.org/show_bug.cgi?id=2670
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html
http://marc.info/?l=bugtraq&m=142590659431171&w=2
http://marc.info/?l=bugtraq&m=142853370924302&w=2
http://marc.info/?l=bugtraq&m=144182594518755&w=2
http://rhn.redhat.com/errata/RHSA-2015-0104.html
http://secunia.com/advisories/62209
http://support.ntp.org/bin/view/Main/SecurityNotice
http://www.kb.cert.org/vuls/id/852879
http://www.mandriva.com/security/advisories?name=MDVSA-2015:003
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securityfocus.com/bid/71758
https://bugzilla.redhat.com/show_bug.cgi?id=1176040
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232
https://kc.mcafee.com/corporate/index?page=content&id=SB10103
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8